smartmta/dist_ts/security/classes.rustsecuritybridge.d.ts

interface IDkimVerificationResult {
    is_valid: boolean;
    domain: string | null;
    selector: string | null;
    status: string;
    details: string | null;
}
interface ISpfResult {
    result: string;
    domain: string;
    ip: string;
    explanation: string | null;
}
interface IDmarcResult {
    passed: boolean;
    policy: string;
    domain: string;
    dkim_result: string;
    spf_result: string;
    action: string;
    details: string | null;
}
interface IEmailSecurityResult {
    dkim: IDkimVerificationResult[];
    spf: ISpfResult | null;
    dmarc: IDmarcResult | null;
}
interface IValidationResult {
    valid: boolean;
    formatValid: boolean;
    score: number;
    error: string | null;
}
interface IBounceDetection {
    bounce_type: string;
    category: string;
}
interface IReputationResult {
    ip: string;
    score: number;
    risk_level: string;
    ip_type: string;
    dnsbl_results: Array<{
        server: string;
        listed: boolean;
        response: string | null;
    }>;
    listed_count: number;
    total_checked: number;
}
interface IContentScanResult {
    threatScore: number;
    threatType: string | null;
    threatDetails: string | null;
    scannedElements: string[];
}
interface IVersionInfo {
    bin: string;
    core: string;
    security: string;
    smtp: string;
}
interface ISmtpServerConfig {
    hostname: string;
    ports: number[];
    securePort?: number;
    tlsCertPem?: string;
    tlsKeyPem?: string;
    maxMessageSize?: number;
    maxConnections?: number;
    maxRecipients?: number;
    connectionTimeoutSecs?: number;
    dataTimeoutSecs?: number;
    authEnabled?: boolean;
    maxAuthFailures?: number;
    socketTimeoutSecs?: number;
    processingTimeoutSecs?: number;
    rateLimits?: IRateLimitConfig;
}
interface IRateLimitConfig {
    maxConnectionsPerIp?: number;
    maxMessagesPerSender?: number;
    maxAuthFailuresPerIp?: number;
    windowSecs?: number;
}
interface IEmailData {
    type: 'inline' | 'file';
    base64?: string;
    path?: string;
}
interface IEmailReceivedEvent {
    correlationId: string;
    sessionId: string;
    mailFrom: string;
    rcptTo: string[];
    data: IEmailData;
    remoteAddr: string;
    clientHostname: string | null;
    secure: boolean;
    authenticatedUser: string | null;
    securityResults: any | null;
}
interface IAuthRequestEvent {
    correlationId: string;
    sessionId: string;
    username: string;
    password: string;
    remoteAddr: string;
}
/**
 * Bridge between TypeScript and the Rust `mailer-bin` binary.
 *
 * Uses `@push.rocks/smartrust` for JSON-over-stdin/stdout IPC.
 * Singleton — access via `RustSecurityBridge.getInstance()`.
 */
export declare class RustSecurityBridge {
    private static instance;
    private bridge;
    private _running;
    private constructor();
    /** Get or create the singleton instance. */
    static getInstance(): RustSecurityBridge;
    /** Whether the Rust process is currently running and accepting commands. */
    get running(): boolean;
    /**
     * Spawn the Rust binary and wait for the ready signal.
     * @returns `true` if the binary started successfully, `false` otherwise.
     */
    start(): Promise<boolean>;
    /** Kill the Rust process. */
    stop(): Promise<void>;
    /** Ping the Rust process. */
    ping(): Promise<boolean>;
    /** Get version information for all Rust crates. */
    getVersion(): Promise<IVersionInfo>;
    /** Validate an email address. */
    validateEmail(email: string): Promise<IValidationResult>;
    /** Detect bounce type from SMTP response / diagnostic code. */
    detectBounce(opts: {
        smtpResponse?: string;
        diagnosticCode?: string;
        statusCode?: string;
    }): Promise<IBounceDetection>;
    /** Scan email content for threats (phishing, spam, malware, etc.). */
    scanContent(opts: {
        subject?: string;
        textBody?: string;
        htmlBody?: string;
        attachmentNames?: string[];
    }): Promise<IContentScanResult>;
    /** Check IP reputation via DNSBL. */
    checkIpReputation(ip: string): Promise<IReputationResult>;
    /** Verify DKIM signatures on a raw email message. */
    verifyDkim(rawMessage: string): Promise<IDkimVerificationResult[]>;
    /** Sign an email with DKIM. */
    signDkim(opts: {
        rawMessage: string;
        domain: string;
        selector?: string;
        privateKey: string;
    }): Promise<{
        header: string;
        signedMessage: string;
    }>;
    /** Check SPF for a sender. */
    checkSpf(opts: {
        ip: string;
        heloDomain: string;
        hostname?: string;
        mailFrom: string;
    }): Promise<ISpfResult>;
    /**
     * Compound email security verification: DKIM + SPF + DMARC in one IPC call.
     *
     * This is the preferred method for inbound email verification — it avoids
     * 3 sequential round-trips and correctly passes raw mail-auth types internally.
     */
    verifyEmail(opts: {
        rawMessage: string;
        ip: string;
        heloDomain: string;
        hostname?: string;
        mailFrom: string;
    }): Promise<IEmailSecurityResult>;
    /**
     * Start the Rust SMTP server.
     * The server will listen on the configured ports and emit events for
     * emailReceived and authRequest that must be handled by the caller.
     */
    startSmtpServer(config: ISmtpServerConfig): Promise<boolean>;
    /** Stop the Rust SMTP server. */
    stopSmtpServer(): Promise<void>;
    /**
     * Send the result of email processing back to the Rust SMTP server.
     * This resolves a pending correlation-ID callback, allowing the Rust
     * server to send the SMTP response to the client.
     */
    sendEmailProcessingResult(opts: {
        correlationId: string;
        accepted: boolean;
        smtpCode?: number;
        smtpMessage?: string;
    }): Promise<void>;
    /**
     * Send the result of authentication validation back to the Rust SMTP server.
     */
    sendAuthResult(opts: {
        correlationId: string;
        success: boolean;
        message?: string;
    }): Promise<void>;
    /** Update rate limit configuration at runtime. */
    configureRateLimits(config: IRateLimitConfig): Promise<void>;
    /**
     * Register a handler for emailReceived events from the Rust SMTP server.
     * These events fire when a complete email has been received and needs processing.
     */
    onEmailReceived(handler: (data: IEmailReceivedEvent) => void): void;
    /**
     * Register a handler for authRequest events from the Rust SMTP server.
     * The handler must call sendAuthResult() with the correlationId.
     */
    onAuthRequest(handler: (data: IAuthRequestEvent) => void): void;
    /** Remove an emailReceived event handler. */
    offEmailReceived(handler: (data: IEmailReceivedEvent) => void): void;
    /** Remove an authRequest event handler. */
    offAuthRequest(handler: (data: IAuthRequestEvent) => void): void;
}
export type { IDkimVerificationResult, ISpfResult, IDmarcResult, IEmailSecurityResult, IValidationResult, IBounceDetection, IContentScanResult, IReputationResult as IRustReputationResult, IVersionInfo, ISmtpServerConfig, IRateLimitConfig, IEmailData, IEmailReceivedEvent, IAuthRequestEvent, };